XG v16 SHA2 certificate issue

After upgrading the XG appliance from v15 to v16 and regenerating the certificate authority as recommended, the new certificate still shows a SHA1 thumbprint. Is there a different maneuver to generate a SHA2 certificate?

I regenerated the certificate from: System Certificates Certificate Authorities > Regenerate Certificate Authority, and then downloaded the certificate from the same page.

Best regards, Anders



  • Anders,

    SHA2 is still not supported! Hope they will remove SHA-1 and move to SHA-2.

    The other way is to generate a certificate externally and upload it inside XG.

    Thanks

  • Wow! Too bad the release notes recommend regenerating the certificate to move to SHA2. Let's hope they solve this :)

    Thanks for your reply!

    Regards, Anders

  • Anders,

    Where did you read about SHA2? I checked all the v16 release notes, but I did not find anything about it. Maybe I am missing something...

  • This is from the document "Sophos XG Firewall v16.01.1 Staged Release – Release Notes" in XG Release 16.01.1.zip.

    "Behavior Changes / Known Behavior / Base System & Framework

    Certificate passphrase has been strengthened in SFOS v16, it is recommended to administrator regenerate the SSL CA certificate to use the strengthened passphrase on upgrading to SFOS v16 from v15. After regenerating the SSL CA, administrator will have to reinstall the new SSL CA in all client browser to avoid Certificate Error."

    I assumed this was the improved manual update process from SHA1 to SHA2 instead of the forced update in the 16.01.0 release. 
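
Added example, not part of the thread or of any Sophos documentation: one way to do the external generation suggested above with OpenSSL, and to check which hash a certificate is actually signed with. A thumbprint is a digest the viewing tool computes over the finished certificate, so the same file has both a SHA-1 and a SHA-256 thumbprint, while the Signature Algorithm field records the hash used for signing. The file names and subject are placeholders, and the extensions come from the local openssl.cnf.

```shell
#!/bin/sh
# Added example: constructed names and values, not taken from the thread.
set -eu

# Generate a self-signed certificate signed with SHA-256 into directory $1.
# -nodes leaves the key unencrypted for this demo; protect a real CA key.
make_sha256_ca() {
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
        -subj "/CN=Example SSL CA (constructed)" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Print the hash/key algorithm the certificate was signed with,
# e.g. sha256WithRSAEncryption or sha1WithRSAEncryption.
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ && !seen++ { print $2 }'
}

# Print the thumbprint of certificate $1 using digest $2 (sha1 or sha256).
# This value is computed here, by the tool; it is not stored in the file.
thumbprint() {
    openssl x509 -in "$1" -noout -fingerprint "-$2" | cut -d= -f2
}

workdir=$(mktemp -d)
make_sha256_ca "$workdir"
echo "Signature algorithm: $(sig_alg "$workdir/ca.pem")"
echo "SHA-1 thumbprint:    $(thumbprint "$workdir/ca.pem" sha1)"
echo "SHA-256 thumbprint:  $(thumbprint "$workdir/ca.pem" sha256)"
rm -rf "$workdir"
```

Running `sig_alg` against the certificate downloaded from the appliance shows whether it was signed with SHA-1 or SHA-2, whatever thumbprint the certificate viewer displays.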
